Microsoft Authenticator required although MFA already set up?

Microsoft has started to implement multifactor authentication for its cloud offerings. Among other things, the Microsoft Authenticator app is used as a second factor for authentication. A blog reader got in touch because he ran into a problem with a customer: use of the Microsoft Authenticator app is being enforced there, although the app has long been in use at that customer.



Microsoft requires MFA

Microsoft has been using multifactor authentication to secure access to online accounts for months. I reported in the article "Microsoft requires MFA for all Azure users; it begins in July 2024" that this changeover has already begun. Microsoft published the Tech Community article "Microsoft will require MFA for all Azure users" on May 17, 2024. The message in this post was that the Azure teams are starting to introduce additional security measures at the tenant level that require multi-factor authentication (MFA).

Multi-factor authentication (MFA) is a security method that requires users to provide two or more pieces of evidence to verify their identity before accessing a service or resource. The proof can be something the user knows (such as a password or PIN), something the user has (such as a phone or token), or something the user is (such as a fingerprint or facial scan), Microsoft writes.

The introduction of these security basics at tenant level is intended to create additional security to protect companies' cloud services and accounts. After the changeover, logging in to an Azure user account will require a second factor for approval. The previous standard authentication using a user name and password will no longer be sufficient. Microsoft writes that the implementation of the MFA login for Azure user accounts will be gradual and methodical in order to minimize the impact on customer use cases.

A customer ran into issues

German blog reader Clemens got in touch last week because he ran into a problem with a customer using MFA. He wrote, "I have been experiencing the phenomenon that the Microsoft Authenticator is being enforced at one of our customers for several months. The following dialog box appears when the customer logs in."

[Screenshot: MFA message]

The dialog box says "Protect your account – your organization requires a fast and secure login using Microsoft Authenticator". There is a link that lets the user skip this requirement several times (in the screenshot above, 2 skips are still left). Below are the settings.



[Screenshot: MFA settings]

So it looks like Microsoft wants to enforce the Microsoft Authenticator app. The reader comments: "I haven't found anything about this on the web yet. That's why I wanted to ask you if you've heard anything along these lines? It is also interesting that resetting the MFA methods works as a workaround and makes the message disappear."

I haven't heard anything about this myself in recent weeks. However, I remember the blog post Microsoft 365/Exchange Online enforces suddenly MFA via Microsoft Authenticator app from March 2024.

German blog reader Dominik told me by email: "Perhaps the following article Update on MFA requirements for Azure sign-in – Microsoft Community Hub will also help to clarify the confusion. Currently only "apps" with special IDs are affected. But here too there will be problems, because very few admins look at the AppID in the tokens, and if I see that entra.microsoft.com and portal.azure.com have the same AppID, then there will be confusion again. The wording in Conditional Access also leads me to expect that, for example, if you have NOT currently set MFA for Trusted Locations (i.e. a client does not have to do MFA if it is in a "trusted location"), this will still be required in the future…"


